[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Minios-devel] [UNIKRAFT PATCH v3 1/3] lib/uksp: Introduce uksp library
On 04.12.19 16:14, Vlad-Andrei BĂDOIU (78692) wrote:
From: Vlad-Andrei BĂDOIU (78692) <vlad_andrei.badoiu@xxxxxxxxxxxxxxx>
This library provides the necessary functionalities for the stack
protector.
A make clean is required when toggling the stack smashing protection
option.
Signed-off-by: Vlad-Andrei Badoiu <vlad_andrei.badoiu@xxxxxxxxxxxxxxx>
---
lib/Makefile.uk | 1 +
lib/uksp/Config.uk | 4 ++
lib/uksp/Makefile.uk | 5 +++
lib/uksp/exportsyms.uk | 2 +
lib/uksp/include/uksp/stackprotector.h | 56 ++++++++++++++++++++++++++
lib/uksp/ssp.c | 43 ++++++++++++++++++++
6 files changed, 111 insertions(+)
create mode 100644 lib/uksp/Config.uk
create mode 100644 lib/uksp/Makefile.uk
create mode 100644 lib/uksp/exportsyms.uk
create mode 100644 lib/uksp/include/uksp/stackprotector.h
create mode 100644 lib/uksp/ssp.c
diff --git a/lib/Makefile.uk b/lib/Makefile.uk
index 4b9568a1..735d0eda 100644
--- a/lib/Makefile.uk
+++ b/lib/Makefile.uk
@@ -34,3 +34,4 @@ $(eval $(call _import_lib,$(CONFIG_UK_BASE)/lib/uktime))
$(eval $(call _import_lib,$(CONFIG_UK_BASE)/lib/ukmmap))
$(eval $(call _import_lib,$(CONFIG_UK_BASE)/lib/ukblkdev))
$(eval $(call _import_lib,$(CONFIG_UK_BASE)/lib/posix-process))
+$(eval $(call _import_lib,$(CONFIG_UK_BASE)/lib/uksp))
diff --git a/lib/uksp/Config.uk b/lib/uksp/Config.uk
new file mode 100644
index 00000000..497381a3
--- /dev/null
+++ b/lib/uksp/Config.uk
@@ -0,0 +1,4 @@
+config LIBUKSP
+ bool "uksp : stack protector"
In order to make the library title inline with the others, please remove
the space before the colon and start with a capital letter after the
colon. For instance: "uksp: Stack protection"
+ select LIBUKSWRAND
+ default n
diff --git a/lib/uksp/Makefile.uk b/lib/uksp/Makefile.uk
new file mode 100644
index 00000000..6c391c9d
--- /dev/null
+++ b/lib/uksp/Makefile.uk
@@ -0,0 +1,5 @@
+$(eval $(call addlib_s,libuksp,$(CONFIG_LIBUKSP)))
+
+CINCLUDES-y += -I$(LIBUKSP_BASE)/include
+
+LIBUKSP_SRCS-y += $(LIBUKSP_BASE)/ssp.c
diff --git a/lib/uksp/exportsyms.uk b/lib/uksp/exportsyms.uk
new file mode 100644
index 00000000..fbc319e7
--- /dev/null
+++ b/lib/uksp/exportsyms.uk
@@ -0,0 +1,2 @@
+__stack_chk_fail
+__stack_chk_guard
diff --git a/lib/uksp/include/uksp/stackprotector.h
b/lib/uksp/include/uksp/stackprotector.h
Hum, do you really want to put the headers under
<uksp/stackprotector.h>? I would do it inline with our other Unikraft
libraries and add it within the `uk` name space: <uk/sp.h>... But
overall, I even think that we do not need a header for this library. I
would declare the init function as uk_ctor function - no need to call it
directly from lib/ukboot.
new file mode 100644
index 00000000..2410b21b
--- /dev/null
+++ b/lib/uksp/include/uksp/stackprotector.h
@@ -0,0 +1,56 @@
+/* SPDX-License-Identifier: BSD-3-Clause */
+/*
+ * Authors: Vlad-Andrei Badoiu <vlad_andrei.badoiu@xxxxxxxxxxxxxxx>
+ *
+ * Copyright (c) 2019, University Politehnica of Bucharest. All rights
reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the copyright holder nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * THIS HEADER MAY NOT BE EXTRACTED OR MODIFIED IN ANY WAY.
+ */
+
+#ifndef __UK_STACKPROTECTOR_H__
+#define __UK_STACKPROTECTOR_H__
+
+#include <uk/swrand.h>
+#include <uk/config.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern unsigned long __stack_chk_guard;
+
+static __attribute__((always_inline)) void boot_init_stack_canary(void)
+{
+ __stack_chk_guard = uk_swrand_randr();
+}
I would put the init function into ssp.c and declare it as system
constructor:
UK_CTOR_FUNC(UK_SWRAND_CTOR_PRIO + 1, init_stack_canary);
You would call it directly after libukswrandr was initialized. In order
to get the priority value, we maybe want to move `UK_SWRAND_CTOR_PRIO`
definition to the <uk/swrand.h> header.
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __UK_STACKPROTECTOR_H__ */
diff --git a/lib/uksp/ssp.c b/lib/uksp/ssp.c
new file mode 100644
index 00000000..79fd0e55
--- /dev/null
+++ b/lib/uksp/ssp.c
@@ -0,0 +1,43 @@
+/* SPDX-License-Identifier: BSD-3-Clause */
+/*
+ * Authors: Badoiu Vlad-Andrei <vlad_andrei.badoiu@xxxxxxxxxxxxxxx>
+ *
+ * Copyright (c) 2019, University Politehnica of Bucharest. All rights
reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the copyright holder nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * THIS HEADER MAY NOT BE EXTRACTED OR MODIFIED IN ANY WAY.
+ */
+
+#include <uk/assert.h>
+
+unsigned long __stack_chk_guard;
+
+__attribute__((noreturn))
+void __stack_chk_fail(void)
+{
+ UK_CRASH("Stack smashing detected\n");
Maybe we want to add the current stack pointer to the message in order
to simplify debugging. There should be a platform API function that you
can use to retrieve the sp.
+}
_______________________________________________
Minios-devel mailing list
Minios-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/minios-devel
|
